Managing access control for containers and blobs
The Storage service allows the possibility of unauthenticated access against the Blob service. The reason is that blobs provide an ideal location to store large static content for a website. For example, the images in a photo-sharing site could be stored as blobs and downloaded directly from the Blob service without being transferred through a web role.
Public access control for the Blob service is managed at the container level. The Blob service supports three types of access control: the first type is no public read access, in which all access must be authenticated; the second is public read access, which allows blobs in a container to be readable without authentication; and the third type is full public read access, in which authentication is not required to read the container's data and the blobs contained in it. No public read access is the same access control as for the Queue service and Table service. The other two access control types...